Contributors

January 6, 2015

Biometric Authentication – Is this the Death of the Password?

2015 promises to be the year when keyboard passwords become obsolete in favor of biometric authentication.

Your new job asks for a 16-character password that includes a capital letter, number, symbol and the hieroglyphic mark for caterpillar. Your social sites require passwords of varying lengths, and you know that “scott123” password you’ve been using since high school is a security leaky faucet.

“Passwords will become obsolete by 2018,” says Ben Wood, lead analyst for CSS Insights. He said password retrieval costs companies an average of two days in lost productivity each year. “We firmly believe that passwords as we know them today will disappear.”

We are bombarded by news of frequent security breaches and we feel helpless, hoping and praying our bank’s IT team has things under control. Let’s face it, you don’t have to be Beyoncé to get your Twitter account hacked, and we’ve learned many merchants can be security sieves.

Hacked-into retailers include Target, Neiman Marcus, UPS, Goodwill, Sony and Home Depot, to name a few. Hacking of Instagram, Snapchat and Facebook accounts seems almost commonplace.

Inc. Magazine reported that password breaches increased by 300 percent from 2011 to 2012. Deloitte predicted that 90 percent of user-generated passwords would be easy to crack by the end of 2013.

“The average person today has over two dozen online accounts, each one protected by a password,” says Dr. Richard Reiner, VP of Technology at Intel’s Safe Identity Solutions Division.

“But almost no one can memorize that many highly-complex passwords.”

Throw in security requests for password changes, plus all those times you have to email tech support for password retrieval only to get a temporary password you forget to change — and the password vortex can suck your memory dry.

“That’s the dilemma people are facing: either use simpler passwords, or re-use the same password in many places, or write their passwords down somewhere — none of which are secure,” says Reiner.

Thanks to news coming from Intel Security this week, we might not have to wait long.

True Key™ by Intel Security, officially announced on Monday, is an application that will dramatically change the way we authenticate our online identities.

True Key is an application you install on your phone, tablet or computer. As you navigate to your apps, websites and devices, it helps you choose stronger passwords and makes using them effortless with its password generator, military-grade encryption and multiple advanced-security technologies.

It also uses biometrics factors, like facial recognition using your facial math and fingerprints, on supported devices like iOS and Samsung phones, that allows you to login to your devices securely, and move easily across websites, without having to enter a password (the app does it for you).

True Key’s Face Unlock works by taking a template of your face and creating a mathematical representation of the key facial features (like the distance between your eyes and other points on your face). The calculation (not your photo) is stored locally and encrypted on your device.

When a server match is required, a mathematical template of the face is matched on the server. Promptly after, the image of your face is deleted. Everything we store is encrypted with strong encryption and could never be used to reproduce your face.

It’s a giant step toward Intel’s “no passwords” vision.

“True Key combines the powerful multi-factor authentication engine we have built, with an award-winning password manager product, PasswordBox (selected as Best Mobile App at CES 2014),” explains Reiner. “This is a unique combination — one that makes True Key both simpler and more secure.”

At this week’s International Consumer Electronics Show (CES) in Las Vegas, visitors to the Intel booth can see demos of True Key’s feature in action, including Face Unlock, Swipe Unlock, Touch Unlock and Master Password.

True Key is available for a limited release as of January 5, 2015. People can request an invite and join the waitlist, or the general product release will be available later in the year. True Key will function on a freemium model like Dropbox, where users will get up to 15 logins stored for free. Users will be able to earn more free password space by completing actions within the app.

A premium subscription with additional space costs $19.99 per year or $1.99 per month. True Key is useable on Windows PC, Mac, Android, iOS devices and across Chrome and Internet Explorer and will grow to support more devices, platforms and factors in the months to come.

These are early days for password obliteration, but the one-day dumping of “scott123” is looking pretty good. Reiner is excited about True Key’s potential and how it will continue to develop along with new technologies.

“Our Face Unlock already has unique detection features to thwart spoofing, but 3D-depth detection using Intel RealSense will take this to another level,” he said, adding that the application will leverage Intel’s Software Guard Extensions (SGX) to further protect against sophisticated threats.

Intel is also working with home security giant ADT, to bring RealSense and True Key technology to your front door, enabling multi-factor authentication for a digital deadbolt. Imagine being able to enter you’re locked house — without a key.

Reiner also hints at True Key sneaking into the wearables market, where your smartwatch or heart-rate monitor could be used as an authentication factor. Biometrics introduce a whole new level of authentication where your password really is…you.